douchui4815 2012-08-14 16:21
浏览 25
已采纳

安全地从Amazon S3提供文件

I have an app that uploads user files to S3. At the moment, the ACL for the folders and files is set to private.

I have created a db table (called docs) that stores the following info:

id
user_id
file_name (original file as specified by the user)
hash_name (random hash used to save the file on amazon)

So, when a user wants to download a file, I first check in the db table that they have access to file. I'd prefer to not have the file first downloaded to my server and then sent to the user - I'd like them to be able to grab the file directly from Amazon.

Is it OK to rely on a very very long hashname (making it basically impossible for anyone to randomly guess a filename)? In this case, I can set the ACL for each file to public-read.

Or, are there other options that I can use to serve the files whilst keeping them private?

  • 写回答

2条回答 默认 最新

  • dougong9987 2012-08-14 16:27
    关注

    Remember, once the link is out there, nothing prevents a user from sharing that link with others. Then again, nothing prevents the user from saving the file elsewhere and sharing a link to the copy of the file.

    The best approach depends on your specific needs.

    Option 1 - Time Limited Download URL

    If applicable to your scenario, you can also create expiring (time-limited) custom links to the S3 contents. That would allow the user to download content for a limited amount of time, after which they would have to obtain a new link.

    http://docs.amazonwebservices.com/AmazonS3/latest/dev/S3_QSAuth.html

    Option 2 - Obfuscated URL

    If you value avoiding running the file through your web server over the risk that a URL, however obscure, might be intentionally shared, then use the hard-to-guess link name. This would allow a link to remain valid "forever", which means the link can be shared "forever".

    Option 3 - Download through your server

    If you are concerned about the link being shared and certainly want users to authenticate through your website, then serve the content through your website after verifying user credentials.

    This option also allows the link to remain valid "forever" but require the user to log in (or perhaps just have an authentication cookie in the browser) to access the link.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置